When Your Thing Won’t Behave: Security Governance in the Internet of Things

Information Systems Frontiers · 2024
Cited by: 1
ABS 3

Summary

Studies how shared technology platforms aggravate the security risks of smart devices in the IoT, analyses the key parameters with a risk quantification model borrowed from the automotive industry, and derives governance recommendations at the individual, organizational, and regulatory levels.

Abstract

In the Internet of Things (IoT), interconnected smart things enable new products and services in cyber-physical systems. Yet, smart things not only inherit information technology (IT) security risks from their digital components, but they may also aggravate them through the use of technology platforms (TPs). In the context of the IoT, TPs describe a tangible (e.g., hardware) or intangible (e.g., software and standards) general-purpose technology that is shared between different models of smart things. While TPs are evolving rapidly owing to their functional and economic benefits, this is partly to the detriment of security, as several recent IoT security incidents demonstrate. We address this problem by formalizing the situation’s dynamics with an established risk quantification approach from platforms in the automotive industry, namely a Bernoulli mixture model. We outline and discuss the implications of relevant parameters for security risks of TP use in the IoT, i.e., correlation and heterogeneity, vulnerability probability and conformity costs, exploit probability and non-conformity costs, as well as TP connectivity. We argue that these parameters should be considered in IoT governance decisions and delineate prescriptive governance implications, identifying potential counter-measures at the individual, organizational, and regulatory levels.
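The abstract names the risk-quantification tool (a Bernoulli mixture model) and its parameters but, being an abstract, not the model's form. The following Python is an added example, not code from the paper, of the simplest Bernoulli mixture that captures the platform effect: a latent platform state Z is 1 with probability q (the shared TP carries a flaw) and, conditional on Z, each of n smart-thing models is vulnerable independently with probability p_hi (Z = 1) or p_lo (Z = 0, a model-specific flaw). Marginalising over Z yields correlated vulnerability indicators. The example compares that mixture with an independent-failure model having the same marginal vulnerability probability: expected vulnerable count and expected cost (per-model conformity cost plus exploit probability times non-conformity cost) are identical, while the tail, P(K ≥ 15) and the 95% quantile of K, differs by orders of magnitude. Every number (n = 20, q = 0.1, p_hi = 0.9, p_lo = 0.05, exploit probability 0.3, conformity cost 2,000 and non-conformity cost 100,000 per model) and the two-point form of Z are assumptions chosen for illustration, not values from the paper.

```python
"""Bernoulli mixture model of security risk from a shared technology platform (TP).

Added example; the two-point latent variable and all parameter values are
assumptions for illustration, not the paper's own specification.
"""
from math import comb


def binom_pmf(n: int, p: float) -> list[float]:
    """P(K = k), k = 0..n, when n models are vulnerable independently with probability p."""
    return [comb(n, k) * p**k * (1 - p) ** (n - k) for k in range(n + 1)]


def mixture_pmf(n: int, q: float, p_hi: float, p_lo: float) -> list[float]:
    """Unconditional distribution of K (number of vulnerable models).

    Latent platform state Z ~ Bernoulli(q): Z = 1 means the shared TP carries a
    flaw, so each model is vulnerable with probability p_hi; Z = 0 means only
    model-specific flaws remain, probability p_lo.  Given Z the models are
    independent (binomial); marginalising over Z mixes the two binomials.
    """
    hi, lo = binom_pmf(n, p_hi), binom_pmf(n, p_lo)
    return [q * h + (1 - q) * l for h, l in zip(hi, lo)]


def marginal_prob(q: float, p_hi: float, p_lo: float) -> float:
    """Unconditional probability that any single model is vulnerable."""
    return q * p_hi + (1 - q) * p_lo


def pairwise_correlation(q: float, p_hi: float, p_lo: float) -> float:
    """Correlation between two models' vulnerability indicators induced by Z."""
    p = marginal_prob(q, p_hi, p_lo)
    var_conditional = q * (1 - q) * (p_hi - p_lo) ** 2  # Var[P(vulnerable | Z)]
    return var_conditional / (p * (1 - p))


def expected_value(pmf: list[float]) -> float:
    return sum(k * pk for k, pk in enumerate(pmf))


def tail_prob(pmf: list[float], k: int) -> float:
    """P(K >= k)."""
    return sum(pmf[k:])


def quantile(pmf: list[float], alpha: float) -> int:
    """Smallest k with P(K <= k) >= alpha."""
    cdf = 0.0
    for k, pk in enumerate(pmf):
        cdf += pk
        if cdf >= alpha:
            return k
    return len(pmf) - 1


def expected_cost(pmf: list[float], n: int, conformity_cost: float,
                  exploit_prob: float, nonconformity_cost: float) -> float:
    """Conformity cost paid for every model, plus expected loss from exploited ones.

    Each vulnerable model is exploited independently with probability exploit_prob
    (assumed), and each exploited model incurs the non-conformity cost.
    """
    return n * conformity_cost + expected_value(pmf) * exploit_prob * nonconformity_cost


def compare(n: int = 20, q: float = 0.1, p_hi: float = 0.9, p_lo: float = 0.05,
            exploit_prob: float = 0.3, conformity_cost: float = 2_000.0,
            nonconformity_cost: float = 100_000.0, k: int = 15,
            alpha: float = 0.95) -> dict:
    """Mixture vs. independent model with the same marginal vulnerability probability."""
    p = marginal_prob(q, p_hi, p_lo)
    indep = binom_pmf(n, p)
    mix = mixture_pmf(n, q, p_hi, p_lo)
    costs = (n, conformity_cost, exploit_prob, nonconformity_cost)
    return {
        "marginal_p": p,
        "correlation": pairwise_correlation(q, p_hi, p_lo),
        # identical under both models: correlation does not change the mean
        "expected_vulnerable": (expected_value(indep), expected_value(mix)),
        "expected_cost": (expected_cost(indep, *costs), expected_cost(mix, *costs)),
        # the tail is where the shared platform shows up
        "tail_prob_at_k": (tail_prob(indep, k), tail_prob(mix, k)),
        "quantile": (quantile(indep, alpha), quantile(mix, alpha)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>20}: {value}")
```

Read the output pairwise (independent first, mixture second): the marginal probability is 0.135 in both cases and the expected cost is the same, yet under the mixture a single platform flaw makes 15 or more of the 20 models vulnerable with probability of roughly 10%, against an effectively zero chance under independence. A governance decision that looks only at expected loss, or at a per-model vulnerability probability, therefore cannot see the risk the TP introduces; the correlation term is what has to be priced, and lowering q (hardening the shared platform) moves the tail in a way that lowering p_lo (hardening each model) does not.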

Keywords: Internet of Things · cybersecurity · platform governance · risk management